Albanian
Shqip
Arabic
العربية
Belarusian
Беларуская
Bengali
বাংলা
Bulgarian
Български
Cambodian
ខ្មែរ
Croatian
Hrvatski
Czech
Český
English
English
Esperanto
Esperanto
Filipino
Filipino
French
Français
German
Deutsch
Greek
Ελληνικά
Hausa
Hausa
Hebrew
עברית
Hungarian
Magyar
Hindi
हिन्दी
Indonesian
Bahasa Indonesia
Italian
Italiano
Japanese
日本語
Korean
한국어
Lao
ລາວ
Malay
Bahasa Melayu
Mongolian
Монгол
Myanmar
မြန်မာဘာသာ
Nepali
नेपाली
Persian
فارسی
Polish
Polski
Portuguese
Português
Pashto
پښتو
Romanian
Română
Russian
Русский
Serbian
Српски
Sinhalese
සිංහල
Spanish
Español
Swahili
Kiswahili
Tamil
தமிழ்
Thai
ไทย
Turkish
Türkçe
Ukrainian
Українська
Urdu
اردو
Vietnamese
Tiếng Việt
By continuing to browse our site you agree to our use of cookies, revised Privacy Policy and Terms of Use. You can change your cookie settings through your browser.
I agree
Search Trends
CHOOSE YOUR LANGUAGE
DOWNLOAD OUR APP
Copyright © 2026 CGTN.
京ICP备20000184号
京公网安备 11010502050052号
互联网新闻信息许可证10120180008
Disinformation report hotline: 010-85061466
A graphic depicting the open-source AI agent OpenClaw. /VCG
China's information technology regulator on Thursday flagged security risks linked to the open-source AI agent OpenClaw.
China's National Vulnerability Database (NVDB), operated by the Ministry of Industry and Information Technology, said OpenClaw instances face elevated risks under default or improper configurations, making them vulnerable to cyberattacks and data leaks.
OpenClaw, formerly known as Clawdbot and Moltbot, is an open-source AI agent that integrates multi-channel communications with large language models to build customized assistants with persistent memory and proactive execution, and supports private, local deployment.
The agent has seen a viral rise since it was first introduced in November, receiving more than 100,000 stars on code repository GitHub and drawing in 2 million visitors in a single week, according to a blog post by its creator, Peter Steinberger.
It has also been gaining popularity among Chinese technology enthusiasts, with cloud service providers rushing to offer hosting solutions for the rapidly growing platform.
China's largest cloud service providers, including Alibaba, Tencent, and Baidu, have launched services that allow users to rent servers to run OpenClaw remotely, rather than on personal devices, according to the companies' OpenClaw deployment pages.
NVDB said unclear trust boundaries during deployment, combined with continuous operation, autonomous decision-making, and access to system and external resources, could expose instances to prompt-induced misuse, configuration flaws, or hostile takeovers in the absence of effective controls.
It also warned that such scenarios could lead to unauthorized actions, data leakage and system compromise if access controls, auditing and security hardening are insufficient.
The notice urged organizations and users to review public network exposure, permission settings and credential management, close unnecessary public access, and strengthen identity authentication, access control, data encryption and security auditing.
OpenClaw gained attention this week after a new social network, Moltbook, advertised that it is exclusively for OpenClaw bots. Cybersecurity firm Wiz said on Monday that the network had a major flaw that exposed private data on thousands of people.
(With input from Reuters)